b'                       U.S. Environmental Protection Agency                                                    09-P-0186\n                                                                                                            June 30, 2009\n                       Office of Inspector General\n\n\n                       At a Glance\n                                                                              Catalyst for Improving the Environment\n\n\nWhy We Did This Review            Results of Technical Network Vulnerability\nThe Office of Inspector\n                                  Assessment: EPA\xe2\x80\x99s National Computer Center\nGeneral contracted with\nWilliams, Adley & Company,         What Williams, Adley & Company, LLP, Found\nLLP, to conduct the annual\naudit of the U.S.                 Vulnerability testing of EPA\xe2\x80\x99s National Computer Center (NCC) network devices\nEnvironmental Protection          conducted in April 2009 indicated several high-risk vulnerabilities. If not\nAgency\xe2\x80\x99s (EPA\xe2\x80\x99s) compliance       resolved, these vulnerabilities could expose EPA\xe2\x80\x99s assets to unauthorized access\nwith the Federal Information      and potential harm to the Agency\xe2\x80\x99s network.\nSecurity Management Act\n(FISMA). Williams, Adley &         What Williams, Adley & Company, LLP, Recommends\nCompany, LLP, conducted the\nnetwork vulnerability testing     Williams, Adley & Company, LLP, recommends that the Director of the National\nof the Agency\xe2\x80\x99s network           Computer Center:\ndevices located at EPA\xe2\x80\x99s\nNational Computer Center in       \xe2\x80\xa2   Implement actions to resolve all high-risk vulnerability findings.\nResearch Triangle Park, North\n                                  \xe2\x80\xa2   Update EPA\xe2\x80\x99s Automated Security Self Evaluation and Remediation\nCarolina.\n                                      Tracking (ASSERT) system.\n                                  \xe2\x80\xa2   Perform a technical vulnerability assessment test of NCC devices within\nBackground                            30 days to demonstrate and document corrective actions that have resolved\n                                      the vulnerabilities.\nThe network vulnerability\ntesting was conducted to          Due to the sensitive nature of the report\xe2\x80\x99s technical findings, the full report is not\nidentify any network risk         available to the public.\nvulnerabilities and present the\nresults to the appropriate EPA\nofficials to promptly\nremediate or document\nplanned actions to resolve the\nvulnerability.\n\n\n\nFor further information,\ncontact our Office of\nCongressional, Public Affairs\nand Management at\n(202) 566-2391.\n\x0c'